1.Which command entered on a switch configured with Rapid PVST+ listens and
learns for a specific time period?

A. switch(config)#spanning-tree vlan 1 max-age 6 

B. switch(config)#spanning-tree vlan 1 hello-time 10 

C. switch(config)#spanning-tree vlan 1 priority 4096 

D. switch(config)#spanning-tree vlan 1 forward-time 20 

Answer: D 

Explanation: 

Forward time: Determines how long each of the listening and learning states last 
before the port begins forwarding. 

Switch(config)# [ no ] spanning-tree vlan vlan_ID forward-time forward_time
Configures the forward time of a VLAN. The forward_time value can be from 4 to 30
seconds.
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4600/12-2/15-02SG/configuration/guide/config/spantree.html#56177


2.Refer to Exhibit.

[Exhibit: OSPF network diagram; router labels recovered from the image: RID: 192.168.2.1, RID: 192.168.2.4, RID: 192.168.2.6 (BDR)]

All routers in the network are configured. R2 must be the DR. After the engineer
connected the devices, R1 was elected as the DR.
Which command sequence must be configured on R2 to be elected as the DR in the
network?

R2(config)#interface gi0/0
R2(config-if)#ip ospf priority 1

R2(config)#interface gi0
R2(config-if)#ip ospf priority 0

R2(config)#router ospf 1
R2(config-router)#router-id 10.100.100.100

R2(config)#router ospf 1
R2(config-router)#router-id 192.168.2.7

A. Option A
B. Option B
C. Option C
D. Option D
Answer: B


3.Refer to Exhibit.

[Exhibit: network diagram with a Primary Circuit and a Secondary Circuit; labels recovered from the image: Image Server, Client A, 10.10.13.10/25, 192.168.0.100/24]

R1#show ip route
Gateway of last resort is 10.10.10.2 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 10.10.10.2

R2#show ip route
Gateway of last resort is 10.10.10.1 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 10.10.10.1

Routers R1 and R2 have been configured with their respective LAN interfaces. The
two circuits are operational and reachable across WAN.
Which command set establishes failover redundancy if the primary circuit goes down?

R1(config)#ip route 10.10.13.10 255.255.255.255 10.10.10.2
R2(config)#ip route 192.168.0.100 255.255.255.255 10.10.10.1

R1(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.6 2
R2(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.5 2

R1(config)#ip route 10.10.13.10 255.255.255.255 10.10.10.6
R2(config)#ip route 192.168.0.100 255.255.255.255 10.10.10.5

R1(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.6
R2(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.5

A. Option A
B. Option B
C. Option C
D. Option D
Answer: B


4.Refer to Exhibit.

Router R1 Fa0/0 is unable to ping router R3 Fa0/1.
Which action must be taken in router R1 to help resolve the configuration issue?
A. set the default network as 20.20.20.0/24
B. set the default gateway as 20.20.20.2
C. configure a static route with Fa0/1 as the egress interface to reach the
20.20.20.0/24 network
D. configure a static route with 10.10.10.2 as the next hop to reach the 20.20.20.0/24
network
Answer: D


5.What is a benefit of using a Cisco Wireless LAN Controller? 

A. Central AP management requires more complex configurations 
B. Unique SSIDs cannot use the same authentication method 

C. It supports autonomous and lightweight APs 


D. It eliminates the need to configure each access point individually 
Answer: D 


6.Which network allows devices to communicate without the need to access the 
Internet? 

A. 172.9.0.0/16

B. 172.28.0.0/16 

C. 192.0.0.0/8 

D. 209.165.201.0/24 

Answer: B 

Explanation: 

The private ranges of each class of IPv4 are listed below: 

Class A private IP address ranges from 10.0.0.0 to 10.255.255.255
Class B private IP address ranges from 172.16.0.0 to 172.31.255.255
Class C private IP address ranges from 192.168.0.0 to 192.168.255.255
Only the network 172.28.0.0/16 belongs to the private IP address (of
class B).


8.When configuring a WLAN with WPA2 PSK in the Cisco Wireless LAN Controller
GUI, which two formats are available to select? (Choose two)
A. ASCII
B. base64
C. binary
D. decimal
E. hexadecimal
Answer: A, E

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_01010001.html


9.DRAG DROP
Drag and drop the descriptions from the left onto the correct configuration-management
technologies on the right.

Answer Area

uses YAML for fundamental configuration elements
uses TCP port 10002 for configuration push jobs
uses Ruby for fundamental configuration elements
uses TCP 8140 for communication
fundamental configuration elements are stored in a manifest

Explanation:

The focus of Ansible is to be streamlined and fast, and to require no node agent
installation. Thus, Ansible performs all functions over SSH. Ansible is built on Python,
in contrast to the Ruby foundation of Puppet and Chef.
TCP port 10002 is the command port. It may be configured in the Chef Push Jobs
configuration file.
This port allows Chef Push Jobs clients to communicate with the Chef Push Jobs
server.
Puppet is an open-source configuration management solution, which is built with
Ruby and offers custom Domain Specific Language (DSL) and Embedded Ruby
(ERB) templates to create custom Puppet language files, offering a
declarative-paradigm programming approach.
A Puppet piece of code is called a manifest, and is a file with .pp extension.


10.An organization has decided to start using cloud-provided services. 

Which cloud service allows the organization to install its own operating system on a
virtual machine?

A. platform-as-a-service 

B. software-as-a-service 

C. network-as-a-service 

D. infrastructure-as-a-service 

Answer: B 

Explanation: 

Below are the 3 cloud supporting services cloud providers provide to customer: 

+ SaaS (Software as a Service): SaaS uses the web to deliver applications that are
managed by a third-party vendor and whose interface is accessed on the clients'
side. Most SaaS applications can be run directly from a web browser without any
downloads or installations required, although some require plugins.

+ PaaS (Platform as a Service): are used for applications, and other development,
while providing cloud components to software.

What developers gain with PaaS is a framework they can build upon to develop or
customize applications. PaaS makes the development, testing, and deployment of
applications quick, simple, and cost-effective. With this technology, enterprise
operations, or a third-party provider, can manage OSes, virtualization, servers,
storage, networking, and the PaaS software itself. Developers, however, manage the
applications.

+ IaaS (Infrastructure as a Service): self-service models for accessing, monitoring,
and managing remote datacenter infrastructures, such as compute (virtualized or bare
metal), storage, networking, and networking services (e.g. firewalls). Instead of having
to purchase hardware outright, users can purchase IaaS based on consumption,
similar to electricity or other utility billing.

In general, IaaS provides hardware so that an organization can install their own
operating system.


11.DRAG DROP
Drag and drop the descriptions of file-transfer protocols from the left onto the correct
protocols on the right.

Answer Area

provides reliability when loading an IOS image upon boot up
does not require user authentication
uses ports 20 and 21

FTP


12.Refer to exhibit. 


CertBus-Router(config)#interface GigabitEthernet 1/0/1 


CertBus-Router(config-if)#ip address 192.168.16.143 255.255.255.240 
Bad mask /28 for address 192.168.16.143 


Which statement explains the configuration error message that is received? 
A. It is a broadcast IP address 

B. The router does not support /28 mask. 

C. It belongs to a private IP address range. 

D. It is a network IP address.

Answer: A 


13.Which attribute does a router use to select the best path when two or more
different routes to the same destination exist from two different routing protocols?


A. dual algorithm 

B. metric 

C. administrative distance 

D. hop count 

Answer: C 

Explanation: 

Administrative distance is the feature used by routers to select the best path when 
there are two or more different routes to the same destination from different routing 
protocols. Administrative distance defines the reliability of a routing protocol. 


14.Which command prevents passwords from being stored in the configuration as
plain text on a router or switch?

A. enable secret
B. service password-encryption
C. username Cisco password encrypt
D. enable password
Answer: B


15.A frame that enters a switch fails the Frame Check Sequence.
Which two interface counters are incremented? (Choose two)

A. runts

B. giants

C. frame
D. CRC

E. input errors
Answer: DE
Explanation:

Whenever the physical transmission has problems, the receiving device might receive
a frame whose bits have changed values. These frames do not pass the error
detection logic as implemented in the FCS field in the Ethernet trailer. The receiving
device discards the frame and counts it as some kind of input error.

Cisco switches list this error as a CRC error. Cyclic redundancy check (CRC) is a
term related to how the FCS math detects an error.

The “input errors” includes runts, giants, no buffer, CRC, frame, overrun, and ignored
counts.

The output below shows the interface counters with the “show interface s0/0/0”
command:


Router#show interface s0/0/0
Serial0/0/0 is up, line protocol is up
Hardware is M4T
Description: Link to R2
Internet address 15 908
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
--output omitted--
5 minute output rate 0 bits/sec, 0 packets/sec
268 packets input, 24889 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
251 packets output, 23498 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up


16.DRAG DROP

Drag and drop the WLAN components from the left onto the correct descriptions on
the right.

Answer Area

access point wireless LAN controller


17.Which command enables a router to become a DHCP client?
A. ip address dhcp
B. ip helper-address
C. ip dhcp pool
D. ip dhcp client

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/12-4/dhcp-12-4-book/config-dhcp-client.html
If we want to get an IP address from the DHCP server on a Cisco device, we can use
the command “ip address dhcp”.
Note: The command “ip helper-address” enables a router to become a DHCP Relay
Agent.


18.Which two encoding methods are supported by REST APIs? (Choose two) 
A. YAML 


https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/2-x/rest_cfg/2_1_x/b_Cisco_APIC_REST_API_Configuration_Guide/b_Cisco_APIC_REST_API_Configuration_Guide_chapter_01.html

Reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus1000/sw/5_x/rest_api_config/b_Cisco_N1KV_VMware_REST_API_Config_5x/b_Cisco_N1KV_VMware_REST_API_Config_5x_chapter_010.pdf

The Application Policy Infrastructure Controller (APIC) REST API is a programmatic 
interface that uses REST architecture. The API accepts and returns HTTP (not 
enabled by default) or HTTPS messages that contain JavaScript Object Notation 
(JSON) or Extensible Markup Language (XML) documents. 


19.Two switches are connected and using Cisco Dynamic Trunking Protocol. SW1 is
set to Dynamic Desirable
What is the result of this configuration?
A. The link is in a down state.
B. The link is in an error disabled state
C. The link becomes an access port.
D. The link becomes a trunk port.
Answer: D

20.When configuring IPv6 on an interface, which two IPv6 multicast groups are
joined? (Choose two)
A. 2000::/3
B. 2002::5
C. FC00::/7
D. FF02::1
E. FF02::2
Answer: DE

Explanation:

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/configuration/xe-3s/ipv6-xe-36s-book/ip6-multicast.html

When an interface is configured with IPv6 address, it automatically joins the all nodes
(FF02::1) and solicited-node (FF02::1:FFxx:xxxx) multicast groups. The all-node
group is used to communicate with all interfaces on the local link, and the
solicited-nodes multicast group is required for link-layer address resolution. Routers also join a
third multicast group, the all-routers group (FF02::2).


21.Which MAC address is recognized as a VRRP virtual address? 
A. 0000.5E00.010a 


B. 0005.3711.0975 

C. 0000.0C07.AC99 

D. 0007.C070.AB01

Answer: A 

Explanation: 

With VRRP, the virtual router's MAC address is 0000.5E00.01xx, in which xx is the
VRRP group.


22.In which way does a spine-and-leaf architecture allow for scalability in a network
when additional access ports are required?
A. A spine switch and a leaf switch can be added with redundant connections
between them
B. A spine switch can be added with at least 40 GB uplinks
C. A leaf switch can be added with a single connection to a core spine switch.
D. A leaf switch can be added with connections to every spine switch
Answer: D
Explanation:

Spine-leaf architecture is typically deployed as two layers: spines (such as an
aggregation layer), and leaves (such as an access layer). Spine-leaf topologies
provide high-bandwidth, low-latency, nonblocking server-to-server connectivity.
Leaf (aggregation) switches are what provide devices access to the fabric (the
network of spine and leaf switches) and are typically deployed at the top of the rack.
Generally, devices connect to the leaf switches.
Devices can include servers, Layer 4-7 services (firewalls and load balancers), and
WAN or Internet routers. Leaf switches do not connect to other leaf switches. In
spine-and-leaf architecture, every leaf should connect to every spine in a full mesh.
Spine (aggregation) switches are used to connect to all leaf switches and are typically
deployed at the end or middle of the row. Spine switches do not connect to other
spine switches.


23.Which type of wireless encryption is used for WPA2 in preshared key mode?
A. TKIP with RC4
B. RC4
C. AES-128
D. AES-256
Answer: D
Explanation:
We can see in this picture we have to type 64 hexadecimal characters (256 bit) for the
WPA2 passphrase so we can deduce the encryption is AES-256, not AES-128.

[Screenshot: Profile Management dialog, Security tab, with the prompt "Enter a WPA/WPA2 passphrase (8 to 63 ASCII or 64 hexadecimal characters)"]

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/67134-wpa2-config.html


24.Which two actions are performed by the Weighted Random Early Detection
mechanism? (Choose two)
A. It drops lower-priority packets before it drops higher-priority packets
B. It can identify different flows with a high level of granularity
C. It guarantees the delivery of high-priority packets
D. It can mitigate congestion by preventing the queue from filling up
E. It supports protocol discovery
Answer: AD
Explanation:
Weighted Random Early Detection (WRED) is just a congestion avoidance
mechanism. WRED drops packets selectively based on IP precedence. Edge routers
assign IP precedences to packets as they enter the network.
When a packet arrives, the following events occur:

1. The average queue size is calculated.

2. If the average is less than the minimum queue threshold, the arriving packet is
queued.

3. If the average is between the minimum queue threshold for that type of traffic and
the maximum threshold for the interface, the packet is either dropped or queued,
depending on the packet drop probability for that type of traffic.

4. If the average queue size is greater than the maximum threshold, the packet is
dropped.

WRED reduces the chances of tail drop (when the queue is full, the packet
is dropped) by selectively dropping packets when the output interface begins to show
signs of congestion (thus it can mitigate congestion by preventing the queue from
filling up). By dropping some packets early rather than waiting until the queue is full,
WRED avoids dropping large numbers of packets at once and minimizes the chances
of global synchronization. Thus, WRED allows the transmission line to be used fully at
all times.

WRED generally drops packets selectively based on IP precedence. Packets with a
higher IP precedence are less likely to be dropped than packets with a lower
precedence. Thus, the higher the priority of a packet, the higher the probability that
the packet will be delivered


29.When a floating static route is configured, which action ensures that the backup
route is used when the primary route fails?

A. The floating static route must have a higher administrative distance than the
primary route so it is used as a backup

B. The administrative distance must be higher on the primary route so that the backup
route becomes secondary.

C. The floating static route must have a lower administrative distance than the primary
route so it is used as a backup

D. The default-information originate command must be configured for the route to be
installed into the routing table

Answer: A


30.Refer to the exhibit. 


Atlanta#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Atlanta(config)#aaa new-model
Atlanta(config)#aaa authentication login default local
Atlanta(config)#line vty 0 4
Atlanta(config-line)#login authentication default
Atlanta(config-line)#exit
Atlanta(config)#username ciscoadmin password adminadmin123
Atlanta(config)#username ciscoadmin privilege 15
Atlanta(config)#enable password cisco123
Atlanta(config)#enable secret testing1234
Atlanta(config)#end


Which password must an engineer use to enter the enable mode?
A. adminadmin123
B. default

C. testing1234

D. cisco123

Answer: C
Explanation:

If neither the enable password command nor the enable secret command is
configured, and if there is a line password configured for the console, the console line
password serves as the enable password for all VTY sessions. The “enable
secret” will be used first if available, then “enable password” and line password.


31.How do TCP and UDP differ in the way that they establish a connection between
two endpoints?

A. TCP uses synchronization packets, and UDP uses acknowledgment packets.

B. UDP uses SYN, SYN ACK and FIN bits in the frame header while TCP uses SYN,
SYN ACK and ACK bits

C. UDP provides reliable message transfer and TCP is a connectionless protocol

D. TCP uses the three-way handshake and UDP does not guarantee message
delivery

Answer: D 


32.Which mode allows access points to be managed by Cisco Wireless LAN 
Controllers? 

A. autonomous 

B. lightweight 

C. bridge 

D. mobility express 


Answer: B 

Explanation: 
https://www.cisco.com/c/en/us/support/docs/wireless/aironet-1200-series/70278-lap-faq.html

A Lightweight Access Point (LAP) is an AP that is designed to be connected to a 
wireless LAN (WLAN) controller (WLC). APs are “lightweight,” which means that they 
cannot act independently of a wireless LAN controller (WLC). The WLC manages the 
AP configurations and firmware. The APs are “zero touch” deployed, and individual 
configuration of APs is not necessary. 


33.Which QoS Profile is selected in the GUI when configuring a voice over WLAN
deployment?
A. Bronze
B. Platinum
C. Silver
D. Gold
Answer: B
Explanation:
Reference: https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/81831-qos-wlc-lap.html
Cisco Unified Wireless Network solution WLANs support four levels of QoS:
Platinum/Voice, Gold/Video, Silver/Best Effort (default), and Bronze/Background.


34.If a notice-level message is sent to a syslog server, which event has occurred?
A. A network device has restarted
B. An ARP inspection has failed
C. A routing instance has flapped
D. A debug operation is running
Answer: C
Explanation:
Usually no action is required when a route flaps so it generates the notification syslog
level message (level 5).


35.What are two southbound APIs? (Choose two) 
A. OpenFlow 

B. NETCONF 

C. Thrift 

D. CORBA 

E. DSC 

Answer: AB 


Explanation: 

OpenFlow is a well-known southbound API. OpenFlow defines the way the SDN 
Controller should interact with the forwarding plane to make adjustments to the 
network, so it can better adapt to changing business requirements. 

The Network Configuration Protocol (NetConf) uses Extensible Markup Language 
(XML) to install, manipulate and delete configuration to network devices. 


36.An email user has been lured into clicking a link in an email sent by their 
company's security organization. The webpage that opens reports that it was safe but 
the link could have contained malicious code. 
Which type of security program is in place? 
A. Physical access control
B. Social engineering attack
C. brute force attack
D. user awareness
Answer: D

Explanation:
This is a training program which simulates an attack, not a real attack (as it says “The
webpage that opens reports that it was safe”) so we believed it should be called a
“user awareness” program. Therefore the best answer here should be “user
awareness”.
This is the definition of “User awareness” in CCNA 200-301 Official Cert Guide
Book:

“User awareness: All users should be made aware of the need for data confidentiality
to protect corporate information, as well as their own credentials and personal
information. They should also be made aware of potential threats, schemes to
mislead, and proper procedures to report security incidents.” Note: Physical access
control means infrastructure locations, such as network closets and data centers,
should remain securely locked.


37.An engineer must configure a /30 subnet between two routers.
Which usable IP address and subnet mask combination meets this criteria?


interface e0/0
description to HQ-A371:19452 
ip address 209.165.201.2 255.255.255.252 


interface e0/0 
description to HQ-A371:19452 
ip address 10.2.1.3 255.255.255.252 


interface e0/0 : | 

description סל‎ 2 à 

ip address 172.16.1.4 8 ro 
8 


interface e0/0 

description סל‎ 2 

ip address 192.168.1.1 1 8 
© 


A. Option A
B. Option B
C. Option C
D. Option D
Answer: A


38.What is the default behavior of a Layer 2 switch when a frame with an unknown
destination MAC address is received?

A. The Layer 2 switch drops the received frame

B. The Layer 2 switch floods packets to all ports except the receiving port in the given
VLAN.

C. The Layer 2 switch sends a copy of a packet to CPU for destination MAC address 
learning. 

D. The Layer 2 switch forwards the packet and adds the destination MAC address to 
its MAC address table 

Answer: B 

Explanation: 

If the destination MAC address is not in the CAM table (unknown destination MAC 
address), the switch sends the frame out all other ports that are in the same VLAN as 
the received frame. This is called flooding. It does not flood the frame out the same 
port on which the frame was received. 


39.Refer to the exhibit. 


R2#show ip nat translations
Pro  Inside global        Inside local     Outside local      Outside global
tcp  172.23.104.3:43268   10.4.4.4:43268   172.23.103.10:23   172.23.103.10:23
tcp  172.23.104.4:45507   10.4.4.5:45507   172.23.103.10:80   172.23.103.10:80


An engineer configured NAT translations and has verified that the configuration is
correct.

Which IP address is the source IP?

A. 10.4.4.4

B. 10.4.4.5
C. 172.23.103.10
D. 172.23.104.4
Answer: D
Explanation:

NAT is used to send a packet to the outside network, using a public IP address to
make it routable. The NAT logic is "inside-to-outside" FIRST and "outside-to-inside"
THEN. This way, configuring NAT means "choosing a public IP address" for any
outbound packet IN THE FIRST PLACE, where "public IP address" translates to
"inside global address". Among the given answers, the only inside global address is
172.23.104.4.


40.Which feature on the Cisco Wireless LAN Controller when enabled restricts
management access from specific networks?

A. CPU ACL

B. TACACS
C. Flex ACL
D. RADIUS
Answer: A
Explanation: 
Reference: https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan- 
security/71978-acl-wlc.html 


41.Which command automatically generates an IPv6 address from a specified IPv6 
prefix and MAC address of an interface? 

A. ipv6 address dhcp 

B. ipv6 address 2001:DB8:5:112::/64 eui-64 

C. ipv6 address autoconfig 


D. ipv6 address 2001:DB8:5:112::2/64 link-local

Answer: C 

Explanation: 

The “ipv6 address autoconfig” command causes the device to perform IPv6 stateless 
address autoconfiguration to discover prefixes on the link and then to add the EUI-64 
based addresses to the interface. 

Addresses are configured depending on the prefixes received in Router 
Advertisement (RA) messages. 

The device will listen for RA messages which are transmitted periodically from the 
router (DHCP Server). 

This RA message allows a host to create a global IPv6 address from: 

+ Its interface identifier (EUI-64 address) 

+ Link Prefix (obtained via RA) 

Note: Global address is the combination of Link Prefix and EUI-64 address

42.An engineer is asked to protect unused ports that are configured in the default
VLAN on a switch.

Which two steps will fulfill the request? (Choose two).

A. Configure the ports in an EtherChannel.

B. Administratively shut down the ports

C. Configure the port type as access and place in VLAN 99

D. Configure the ports as trunk ports

E. Enable the Cisco Discovery Protocol


Answer: BC


43.Which output displays a JSON data representation?
A)


{ 


“response”. { 
‘tasklid”. {y 
‘url’. “string” 


“version”. “string” 


“response”: { 
“‘taskid”: f}; 
“url”: “string” 


} 


fersion”: “string” 
} 


C) 


{ 
“‘response’- { 
‘taskid”- 1 
“url’- “string” 
1 40 
-"חסופזסע'‎ “string” s” 


| 


D)


í 
‘response’: { 
‘taskid”: f, 
“url”: “string” 
} 


version”: “string” 


A. Option A 

B. Option B 

C. Option C 

D. Option D 

Answer: C 

Explanation: 

JSON data is written as name/value pairs. 

A name/value pair consists of a field name (in double quotes), followed by a colon,
followed by a value:

"name":"Mark"

JSON can use arrays. Array values must be of type string, number, object, array,
boolean or null.

For example:
{
"name":"John",
"age":30,
"cars":[ "Ford", "BMW", "Fiat" ]
}
JSON can have empty object like "taskId":{}

44.Which command is used to specify the delay time in seconds for LLDP to initialize
on any interface?
A. lldp timer
B. lldp holdtime
C. lldp reinit
D. lldp tlv-select
Answer: C

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_37_ey/configuration/guide/scg/swlldp.pdf
+ lldp holdtime seconds: Specify the amount of time a receiving device should hold
the information from your device before discarding it
+ lldp reinit delay: Specify the delay time in seconds for LLDP to initialize on an
interface
+ lldp timer rate: Set the sending frequency of LLDP updates in seconds


45.A network engineer must back up 20 network router configurations globally within 
a customer environment. 

Which protocol allows the engineer to perform this function using the Cisco IOS MIB? 
A. CDP 


B. SNMP

C. SMTP

D. ARP 

Answer: B 

Explanation: 

SNMP is an application-layer protocol that provides a message format for 
communication between SNMP managers and agents. SNMP provides a 
standardized framework and a common language used for the monitoring and 
management of devices in a network. 

The SNMP framework has three parts: 

+ An SNMP manager 

+ An SNMP agent 

+ A Management Information Base (MIB)

The Management Information Base (MIB) is a virtual information storage area for
network management information, which consists of collections of managed objects.
With SNMP, the network administrator can send commands to multiple routers to do
the backup.


46.DRAG DROP
Drag and drop the threat-mitigation techniques from the left onto the types of threat or
attack they mitigate on the right.


Answer Area 


unwanted BPDUs on PortFast-enabled interfaces


Answer: 


Answer Area 


Configure BPDU guard. Configure VACL. 


Configure VACL. Configure BPDU guard. 


Explanation:
Double-Tagging attack:

[Diagram: Attacker, Switch A, Switch B, Target in VLAN 200; native VLAN 100 on both switches]

In this attack, the attacking computer generates frames with two 802.1Q tags. The
first tag matches the native VLAN of the trunk port (VLAN 10 in this case), and the
second matches the VLAN of a host it wants to attack (VLAN 20).

When the packet from the attacker reaches Switch A, Switch A only sees the first
VLAN 10 and it matches with its native VLAN 10 so this VLAN tag is removed. Switch
A forwards the frame out all links with the same native VLAN 10. Switch B receives
the frame with a tag of VLAN 20 so it removes this tag and forwards out to the Victim
computer.

Note: This attack only works if the trunk (between two switches) has the same native
VLAN as the attacker.

To mitigate this type of attack, you can use VLAN access control lists (VACLs, which
applies to all traffic within a VLAN. We can use VACL to drop attacker traffic to
specific victims/servers) or implement Private VLANs.

ARP attack (like ARP poisoning/spoofing) is a type of attack in which a malicious
actor sends falsified ARP messages over a local area network as ARP allows a
gratuitous reply from a host even if an ARP request was not received. This results in
the linking of an attacker's MAC address with the IP address of a legitimate computer
or server on the network. This is an attack based on ARP which is at Layer 2.
Dynamic ARP inspection (DAI) is a security feature that validates ARP packets in a
network which can be used to mitigate this type of attack.


47.DRAG DROP 


Drag and drop the network protocols from the left onto the correct transport services 
on the right. 


Answer Area 


Answer: 


49.Refer to the exhibit.

[Exhibit: network diagram; labels recovered from the image: Gi 0/1, Gi 0/2, Gi 0/3, 10.0.20.0/26]

R2#config t
R2(config)#access-list 101 deny tcp 10.0.20.0 0.0.0.63 10.0.10.0 0.0.0.63 eq smtp
R2(config)#access-list 101 deny tcp 10.0.20.0 0.0.0.63 10.0.10.0 0.0.0.63 eq www
R2(config)#int gi0/2
R2(config-if)#ip access-group 101 in

An extended ACL has been configured and applied to router R2. The configuration
failed to work as intended.
Which two changes stop outbound traffic on TCP ports 25 and 80 to 10.0.20.0/26
from the 10.0.10.0/26 subnet while still allowing all other traffic? (Choose two)
A. Add a "permit ip any any" statement to the beginning of ACL 101 for allowed traffic.
B. Add a "permit ip any any" statement at the end of ACL 101 for allowed traffic
C. The source and destination IPs must be swapped in ACL 101
D. The ACL must be configured the Gi0/2 interface inbound on R1
E. The ACL must be moved to the Gi0/1 interface outbound on R2
Answer: BC


50.Refer to the exhibit. 


[Exhibit: network diagram; surviving labels are Internet, Firewall and 10.10.10.0/30]

R1#show ip route
Gateway of last resort is 10.10.10.18 to network 0.0.0.0

10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
C 10.10.10.0/30 is directly connected, FastEthernet0/1
O 10.10.13.0/25 [110/4576] via 10.10.10.1, 02:53:11, FastEthernet0/1
C 10.10.10.16/30 is directly connected, FastEthernet0/24
O 10.10.13.144/28 [110/110] via 10.10.10.1, 03:51:21, FastEthernet0/1
B* 0.0.0.0/0 [20/0] via 10.10.10.18, 02:17:53


Which type of route does R1 use to reach host 10.10.13.10/32? 

A. floating static route 

B. host route 

C. default route 

D. network route 

Answer: D 

Explanation: 

From the output, we see R1 will use the entry “O 10.10.13.0/25 [110/4576] via 
10.10.10.1, ...” to reach host 10.10.13.10. This is a network route. 


Note: “B* 0.0.0.0/0 ...” is a default route. 


51.Which mode must be used to configure EtherChannel between two switches 
without using a negotiation protocol? 
A. on 
B. auto 
C. active 
D. desirable 
Answer: A 
Explanation: 
The Static Persistence (or “on” mode) bundles the links unconditionally and no 
negotiation protocol is used. In this mode, neither PAgP nor LACP packets are sent or 
received.


52.Which IPv6 address block sends packets to a group address rather than a single
address?
A. 2000::/3
B. FC00::/7
C. FE80::/10
D. FF00::/8

Answer: D
Explanation:
FF00::/8 is used for IPv6 multicast and this is the IPv6 type of address the question
wants to ask. FE80::/10 range is used for link-local addresses. Link-local addresses are
only used for communications within the local subnetwork (automatic address
configuration, neighbor discovery, router discovery, and by many routing protocols). It
is only valid on the current subnet.

It is usually created dynamically using a link-local prefix of FE80::/10 and a 64-bit
interface identifier (based on 48-bit MAC address).


53.DRAG DROP 
Drag and drop the functions from the left onto the correct network components on the 
right 


DHCP Server 
resolves web URLs to IP addresses 


assigns a default gateway to a client 


holds the TCP/IP settings to be distributed 
to the clients 


stores a list of IP addresses mapped to names
DNS Server


Answer:


assigns IP addresses to enabled clients 


DHCP Server 


holds the TCP/IP settings to be distributed 
to the clients 
assigns IP addresses to enabled clients 


resolves web URLs to IP addresses 


assigns a default gateway to a client 


holds the TCP/IP settings to be distributed 
to the clients 


assigns a default gateway to a client 


stores a list of IP addresses mapped 


to names 
DNS Server 


assigns IP addresses to enabled clients resolves web URLs to IP addresses 




stores a list of IP addresses mapped 
to names 


54.Which two capacities of Cisco DNA Center make it more extensible as compared 
to traditional campus device management? (Choose two) 

A. adapters that support all families of Cisco IOS software 

B. SDKs that support interaction with third-party network equipment 

C. customized versions for small, medium, and large enterprises 

D. REST APIs that allow for external applications to interact natively with Cisco DNA 
Center 

E. modular design that is upgradable as needed 

Answer: BD 

Explanation: 

Cisco DNA Center offers 360-degree extensibility through four distinct types of
platform capabilities:

+ Intent-based APIs leverage the controller and enable business and IT applications
to deliver intent to the network and to reap network analytics and insights for IT and
business innovation.

+ Process adapters, built on integration APIs, allow integration with other IT and
network systems to streamline IT operations and processes.

+ Domain adapters, built on integration APIs, allow integration with other
infrastructure domains such as data center, WAN and security to deliver a consistent
intent-based infrastructure across the entire IT environment.

+ SDKs allow management to be extended to third-party vendor's network devices to
offer support for diverse environments.

55.DRAG DROP 
Drag and drop the AAA functions from the left onto the correct AAA services on the
right


Answer Area 


Answer Area 




controls the actions that a user can 
perform 




identifies the user 


verifies the password associated with
a user


ntic on 


restricts the services that are available 
to a user 


Maton‏ "הזו ו ה 
ותו 


controls the actions that a user can 
perform 
identifies the user

ting 
provides analytical information for the 
network administrator 


records user activities 


56.What is the primary effect of the spanning-tree portfast command? 

A. it enables BPDU messages

B. It minimizes spanning-tree convergence time

C. It immediately puts the port into the forwarding state when the switch is reloaded

D. It immediately enables the port in the listening state

Answer: B

Explanation:

Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_55_se/configuration/guide/3560_scg/swstpopt.html



57.DRAG DROP 
Drag and drop the IPv4 network subnets from the left onto the correct usable host 
ranges on the right 


Answer Area 


Answer: 
Answer Area 


172.28.228.144/18

172.28.228.144/21

172.28.228.144/25

172.28.228.144/29


58.Refer to the exhibit. 


Port ID 
Gig 36/41 
Gig 36/43 
Gig 37/3 
Gig 37/1 
Ten 4/2 
Ten 3/2 


Router# 
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge 
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay 


Device ID Local Interface Holdtime Capability Platform 


10.1.1.2 Gig 37/3 176 CPT 0 
10.1.1.2 Gig 37/1 174 CPT 0 
10.1.1.2 Gig 36/41 4 CPT 0 
10.1.1.2 Gig 36/43 134 CPT 0 
10.1.1.2 Ten 3/2 132 CPT 600 
10.1.1.2 Ten 4/2 174 CPT 600 
Which command provides this output?
A. show ip route
B. show ip interface
C. show interface
D. show cdp neighbor
Answer: D


59.Refer to the Exhibit.


Switch 1

Name: Gi0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
<output omitted>
Trunking VLANs Enabled: 50-100
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Switch 2

Name: Gi0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 99 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
<output omitted>
Trunking VLANs Enabled: 50-100
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL


After the switch configuration the ping test fails between PC A and PC B.
Based on the output for switch 1, which error must be corrected?

A. There is a native VLAN mismatch

B. Access mode is configured on the switch ports

C. The PCs are in the incorrect VLAN

D. All VLANs are not enabled on the trunk

Answer: A

Explanation:

From the output we see the native VLAN of Switch1 on Gi0/1 interface is VLAN 1
while that of Switch2 is VLAN 99 so there would be a native VLAN mismatch.


60.Which 802.11 frame type is association response?

A. management

B. protected frame

C. control

D. action 

Answer: A 

Explanation: 

Reference: https://en.wikipedia.org/wiki/802.11_Frame_Types 


61.Which API is used in controller-based architectures to interact with edge devices? 
A. overlay 

B. northbound 

C. underlay 


D. southbound 
Answer: D 


62.Which statement identifies the functionality of virtual machines? 

A. Virtualized servers run most efficiently when they are physically connected to a 
switch that is separate from the hypervisor 

B. The hypervisor can virtualize physical components including CPU, memory, and
storage

C. Each hypervisor can support a single virtual machine and a single software switch 
D. The hypervisor communicates on Layer 3 without the need for additional resources 
Answer: B 


63.Which type of address is the public IP address of a NAT device?
A. outside global
B. outside local
C. inside global
D. inside local
E. outside public
F. inside public
Answer: C
Explanation:
NAT uses four types of addresses:
* Inside local address - The IP address assigned to a host on the inside network. The
address is usually not an IP address assigned by the Internet Network Information
Center (InterNIC) or service provider.

This address is likely to be an RFC 1918 private address.

* Inside global address - A legitimate IP address assigned by the InterNIC or service
provider that represents one or more inside local IP addresses to the outside world.

* Outside local address - The IP address of an outside host as it is known to the
hosts on the inside network.

* Outside global address - The IP address assigned to a host on the outside network.
The owner of the host assigns this address.


64.Which option about JSON is true? 

A. uses predefined tags or angle brackets () to delimit markup text 
B. used to describe structured data that includes arrays 

C. used for storing information 

D. similar to HTML, it is more verbose than XML 

Answer: B 

Explanation: 


JSON data is written as name/value pairs.

A name/value pair consists of a field name (in double quotes), followed by a colon,
followed by a value:

"name":"Mark"

JSON can use arrays. Array values must be of type string, number, object, array,
boolean or null.

For example:

{
"name":"John",
"age":30,
"cars":[ "Ford", "BMW", "Fiat" ]
}

65.How do TCP and UDP differ in the way they provide reliability for delivery of
packets?
A. TCP is a connectionless protocol that does not provide reliable delivery of data,
UDP is a connection-oriented protocol that uses sequencing to provide reliable
delivery.
B. TCP does not guarantee delivery or error checking to ensure that there is no
corruption of data, UDP provides message acknowledgement and retransmits data if
lost.
C. TCP provides flow control to avoid overwhelming a receiver by sending too many
packets at once, UDP sends packets to the receiver in a continuous stream without
checking for sequencing
D. TCP uses windowing to deliver packets reliably; UDP provides reliable message
transfer between
hosts by establishing a three-way handshake
Answer: C


66.Which two command sequences must you configure on a switch to establish a Layer
3 EtherChannel with an open-standard protocol? (Choose two)
A. interface GigabitEthernet0/0/1 
channel-group 10 mode on 
B. interface GigabitEthernet0/0/1 
channel-group 10 mode active 
C. interface GigabitEthernet0/0/1 
channel-group 10 mode auto 
D. interface port-channel 10
switchport
switchport mode trunk
E. interface port-channel 10
no switchport


ip 3007655 2 0 
Answer: BE


67.What is an advantage of Cisco DNA Center versus traditional campus device
management?

A. It supports numerous extensibility options including cross-domain adapters and
third-party SDKs.

B. It supports high availability for management functions when operating in cluster
mode.

C. It enables easy autodiscovery of network elements in a brownfield deployment.
D. It is designed primarily to provide network assurance.

Answer: A


68.Refer to the exhibit.


IBGP route 10.0.0.0/30 
RIP route 10.0.0.0/30 
OSPF route 10.0.0.0/16 


OSPF route 10.0.0.0/30 
EIGRP route 10.0.0.1/32 


A router received these five routes from different routing information sources.
Which two routes does the router install in its routing table? (Choose two)

A. RIP route 10.0.0.0/30

B. iBGP route 10.0.0.0/30 

C. OSPF route 10.0.0.0/30 

D. EIGRP route 10.0.0.1/32 

E. OSPF route 10.0.0.0/16 

Answer: CD 


69.By default, how does EIGRP determine the metric of a route for the routing table?
A. it uses the bandwidth and delay values of the path to calculate the route metric

B. it uses a default metric of 10 for all routes that are learned by the router

C. it uses a reference bandwidth and the actual bandwidth of the connected link to
calculate the route metric

D. it counts the number of hops between the receiving and destination routers and 
uses that value as the metric 

Answer: A 


70.What is a difference between local AP mode and FlexConnect AP mode?
A. Local AP mode creates two CAPWAP tunnels per AP to the WLC
B. FlexConnect AP mode fails to function if the AP loses connectivity with the WLC
C. FlexConnect AP mode bridges the traffic from the AP to the WLC when local
switching is configured
D. Local AP mode causes the AP to behave as if it were an autonomous AP
Answer: A


71.Router R1 must send all traffic without a matching routing table entry to
192.168.1.1.
Which configuration accomplishes this task?
A. R1#config t
R1(config)#ip routing
R1(config)#ip route default-route 192.168.1.1
B. R1#config t
R1(config)#ip routing
R1(config)#ip route 192.168.1.1 0.0.0.0 0.0.0.0
C. R1#config t
R1(config)#ip routing
R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1
D. R1#config t
R1(config)#ip routing
R1(config)#ip default gateway 192.168.1.1
Answer: C


72.Which function does the range of private IPv4 addresses perform? 

A. allows multiple companies to each use the same addresses without conflicts 
B. provides a direct connection for hosts from outside of the enterprise network 
C. ensures that NAT is not required to reach the internet with private range 
addressing 

D. enables secure communications to the internet for all external hosts 
Answer: A 


73.What event has occurred if a router sends a notice level message to a syslog
server?

A. A TCP connection has been torn down 
B. An ICMP connection has been built 

C. An interface line has changed status 
D. A certificate has expired. 

Answer: C 


74.Refer to the exhibit. 


SW1#show spanning-tree vlan 30

VLAN0030
Spanning tree enabled protocol rstp
Root ID Priority 32798
Address 0025 . 6369 .0
Cost 19
Port 1 (FastEthernet 2/1)
Hello Time 2 sec
Max Age 30 sec
Forward Delay 20 sec

[Output suppressed]


What two conclusions should be made about this configuration? (Choose two)
A. The designated port is FastEthernet 2/1
B. This is a root bridge
C. The spanning-tree mode is Rapid PVST+
D. The spanning-tree mode is PVST+
E. The root port is FastEthernet 2/1
Answer: CE


75.What are two fundamentals of virtualization? (choose two) 

A. The environment must be configured with one hypervisor that serves solely as a 
network manager to monitor SNMP traffic 

B. It allows logical network devices to move traffic between virtual machines and the
rest of the physical network

C. It allows multiple operating systems and applications to run independently on one
physical server.

D. It allows a physical router to directly connect NICs from each virtual machine into
the network

E. It requires that some servers, virtual machines and network gear reside on the
Internet

Answer: BC 


76.What is the difference regarding reliability and communication type between TCP 
and UDP? 

A. TCP is reliable and is a connection-oriented protocol; UDP is not reliable and is a
connectionless protocol

B. TCP is not reliable and is a connection-oriented protocol; UDP is reliable and is a
connectionless protocol

C. TCP is not reliable and is a connectionless protocol; UDP is reliable and is a
connection-oriented protocol

D. TCP is reliable and is a connectionless protocol; UDP is reliable and is a
connection-oriented protocol

Answer: A


77.Refer to the exhibit.


EIGRP: 192.168.12.0/24 


RIP: 192.168.12.0/27 
OSPF: 192.168.12.0/28 


How does the router manage traffic to 192.168.12.16? 

A. It selects the RIP route because it has the longest prefix inclusive of the destination 
address. 

B. It chooses the OSPF route because it has the longest prefix inclusive of the 
destination address. 

C. it load-balances traffic between all three routes 

D. It chooses the EIGRP route because it has the lowest administrative distance 
Answer: A 


78.How does Cisco DNA Center gather data from the network? 

A. Network devices use different services like SNMP, syslog, and streaming telemetry 
to send data to the controller 

B. Devices establish an IPsec tunnel to exchange data with the controller

C. Devices use the call-home protocol to periodically send data to the controller.

D. The Cisco CLI Analyzer tool gathers data from each licensed network device and
streams it to the controller.

Answer: A 


79.DRAG DROP 
Drag and drop the attack-mitigation techniques from the left onto the types of attack
that they mitigate on the right.


configure 802.1x authenticate

configure DHCP snooping

configure the native VLAN with a nondefault VLAN ID

disable DTP


Answer:


configure 802.1x authenticate                          configure the native VLAN with a nondefault VLAN ID
configure DHCP snooping                                configure 802.1x authenticate
configure the native VLAN with a nondefault VLAN ID    configure DHCP snooping
disable DTP                                            disable DTP


80.Refer to the exhibit.


Switch 1 Switch 2


The network administrator wants VLAN 67 traffic to be untagged between Switch 1
and Switch 2 while all other VLANs are to remain tagged.
Which command accomplishes this task?
A. switchport access vlan 67
B. switchport trunk allowed vlan 7
C. switchport private-vlan association host 7
D. switchport trunk native vlan 67
Answer: D


81.What are two roles of the Dynamic Host Configuration Protocol (DHCP)? (Choose 
two) 

A. The DHCP server offers the ability to exclude specific IP addresses from a pool of 
IP addresses 

B. The DHCP client can request up to four DNS server addresses 

C. The DHCP server assigns IP addresses without requiring the client to renew them 


D. The DHCP server leases client IP addresses dynamically. 
E. The DHCP client maintains a pool of IP addresses it can assign. 
Answer: AD 


82.Which two minimum parameters must be configured on an active interface to 
enable OSPF v2 to operate? (Choose two) 
A. OSPF area 
B. OSPF MD5 authentication key 
C. IPv6 address
D. OSPF process ID
E. OSPF stub flag
Answer: AD


83.Which two outcomes are predictable behaviors for HSRP? (Choose two.)
A. The two routers synchronize configurations to provide consistent packet forwarding
B. The two routers negotiate one router as the active router and the other as the
standby router
C. Each router has a different IP address, both routers act as the default gateway on
the LAN, and traffic is load-balanced between them
D. The two routers share a virtual IP address that is used as the default gateway for
devices on the LAN
E. The two routers share the same interface IP address and default gateway traffic is
load-balanced between them
Answer: BD


84.Several new coverage cells are required to improve the Wi-Fi network of an
organization.
Which two standard designs are recommended? (Choose two.)
A. 5GHz provides increased network capacity with up to 23 nonoverlapping channels.
B. For maximum throughput, the WLC is configured to dynamically set adjacent
access points to the same channel.
C. 5GHz channel selection requires an autonomous access point.
D. Adjacent cells with overlapping channels use a repeater access point.
E. Cells that overlap one another are configured to use nonoverlapping channels.
Answer: BE 


85.Refer to the exhibit. 


[Exhibit: network diagram; surviving labels are VLAN 20 (Users) 10.10.13.0/24 and Internet]

R1#show ip route
Gateway of last resort is 10.10.11.2 to network 0.0.0.0

209.165.200.0/27 is subnetted, 1 subnets
209.165.200.224 [20/0] via 10.10.12.2, 00:10:34
10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
C 10.10.10.0/28 is directly connected, GigabitEthernet0/0
C 10.10.11.0/30 is directly connected, FastEthernet2/0
O 10.10.13.0/30 [110/2] via 10.10.10.1, 00:03:34, GigabitEthernet0/0
C 10.10.12.0/30 is directly connected, GigabitEthernet0/1
S* 0.0.0.0/0 [1/0] via 10.10.11.2

Switch1#show ip route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.10.10.0/28 is directly connected, FastEthernet0/1
C 10.10.13.0/24 is directly connected, VLAN20


Which path is used by the router for internet traffic?

A. 209.165.200.0/27
B. 10.10.10.0/28
C. 0.0.0.0/0
D. 10.10.13.0/24
Answer: C



86.Refer to the exhibit. 


E 0/0 E 0/0 E 0/1 E 0/ 


R1 SW 1 SW 2 


R1:
interface Ethernet0/0
 no ip address
!

SW 1:
interface Ethernet0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Ethernet0/1
 switchport trunk allowed vlan 10
 switchport trunk encapsulation dot1q
 switchport mode trunk

SW 2:
interface Ethernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Ethernet0/2
 switchport access vlan 20
 switchport mode access


What commands are needed to add a subinterface to Ethernet0/0 on R1 to allow for
VLAN 20, with IP address 10.20.20.1/24?
A. R1(config)#interface ethernet0/0
R1(config)#encapsulation dot1q 20
R1(config)#ip address 10.20.20.1 255.255.255.0
B. R1(config)#interface ethernet0/0.20
R1(config)#encapsulation dot1q 20
R1(config)#ip address 10.20.20.1 255.255.255.0
C. R1(config)#interface ethernet0/0.20
R1(config)#ip address 10.20.20.1 255.255.255.0
D. R1(config)#interface ethernet0/0
R1(config)#ip address 10.20.20.1 255.255.255.0
Answer: B


87.Which purpose does a northbound API serve in a controller-based networking
architecture?
A. communicates between the controller and the physical network hardware
B. reports device errors to a controller
C. generates statistics for network hardware and traffic
D. facilitates communication between the controller and the applications
Answer: D


88.Refer to the exhibit.

ip arp inspection vlan 2-10
interface fastethernet 0/1
ip arp inspection trust

If the network environment is operating normally, which type of device must be 
connected to interface FastEthernet 0/1? 


A. DHCP client 
B. access point 
C. router 

D. PC 

Answer: C 


89.What is the primary purpose of a First Hop Redundancy Protocol? 
A. It allows directly connected neighbors to share configuration information. 
B. It allows a router to use bridge priorities to create multiple loop-free paths to a 
single destination. 
C. It reduces routing failures by allowing Layer 3 load balancing between OSPF
neighbors that have the same link metric.
D. It reduces routing failures by allowing more than one router to represent itself, as
the default gateway of a network.
Answer: D


90.What occurs to frames during the process of frame flooding?
A. Frames are sent to every port on the switch in the same VLAN except from the
originating port
B. Frames are sent to every port on the switch that has a matching entry in the MAC
address table.
C. Frames are sent to all ports, including those that are assigned to other VLANs.
D. Frames are sent to every port on the switch in the same VLAN.
Answer: A


91.Refer to the exhibit.


interface Loopback1
ip address 192.168.1.1 255.255.255.0
!
interface Loopback2
ip address 192.168.2.1 255.255.255.0
!
interface Loopback3
ip address 192.168.3.1 255.255.255.0
!
interface GigabitEthernet0/0
ip address 172.16.1.62 255.255.255.224


Which configuration on RTR-1 denies SSH access from PC-1 to any RTR-1 interface
and allows all other traffic?

A. access-list 100 deny tcp host 172.16.1.33 anys
access-list 100 permit ip any any
interface GigabitEthernet0/0
ip access-group 100 in

B. access-list 100 deny tcp host 172.16.1.33 any eq 22
access-list 100 permit ip any any
line vty 0 5
access-class 100 in

C. access-list 100 deny tcp host 172.16.1.33 any eq 23
access-list 100 permit ip any any
interface GigabitEthernet0/0
ip access-group 100 in

D. access-list 100 deny tcp host 172.16.1.33 any eq 23
access-list 100 permit ip any any
line vty 0 15
access-class 100 in

Answer: B 


92.In which two ways does a password manager reduce the chance of a hacker
stealing a user's password? (Choose two.)

A. It automatically provides a second authentication factor that is unknown to the
original user.

B. It uses an internal firewall to protect the password repository from unauthorized
access.

C. It protects against keystroke logging on a compromised device or web site. 

D. It stores the password repository on the local workstation with built-in antivirus and 
anti-malware functionality 

E. It encourages users to create stronger passwords. 

Answer: CE 


93.Which technology is used to improve web traffic performance by proxy caching? 
A. WSA 
B. Firepower 
C. ASA
D. FireSIGHT
Answer: A


94.Which type of attack can be mitigated by dynamic ARP inspection?
A. worm
B. malware
C. DDoS
D. man-in-the-middle
Answer: D


95.What are two roles of Domain Name Services (DNS)? (Choose Two)

A. builds a flat structure of DNS names for more efficient IP operations

B. encrypts network traffic as it travels across a WAN by default

C. improves security by protecting IP addresses under Fully Qualified Domain Names
(FQDNs)

D. enables applications to identify resources by name instead of IP address
E. allows a single host name to be shared across more than one IP address


Answer: DE 


96.How do TCP and UDP differ in the way they guarantee packet delivery? 

A. TCP uses checksum, acknowledgement, and retransmissions, and UDP uses 
checksums only. 

B. TCP uses two-dimensional parity checks, checksums, and cyclic redundancy 
checks and UDP uses retransmissions only. 

C. TCP uses checksum, parity checks, and retransmissions, and UDP uses 
acknowledgements only. 

D. TCP uses retransmissions, acknowledgement and parity checks and UDP uses
cyclic redundancy checks only.
Answer: A 


97.Refer to the exhibit. 


R1#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2


Gateway of last resort is not set


0 1.0.0.0/8 is directly connected, + 0
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
10.0.1.3/32 [110/100] via 10.0.1.3, 00:40:07, 0
10.0.1.0/24 is directly connected, Serial0
10.0.1.5/32 [110/5] via 10.0.1.50, 00:40:07, 0
10.0.1.4/32 [110/10] via 10.0.1.4, 00:40:07, 0


What is the next hop address for traffic that is destined to host 10.0.1.5?
A. 10.0.1.3
B. 10.0.1.50
C. 10.0.1.4
D. Loopback 0
Answer: B


98.What are two benefits of controller-based networking compared to traditional 
networking? 

A. controller-based increases network bandwidth usage, while traditional lightens the 
load on the network. 

B. controller-based inflates software costs, while traditional decreases individual 
licensing costs 

C. Controller-based reduces network configuration complexity, while traditional
increases the potential for errors

D. Controller-based provides centralization of key IT functions, while traditional
requires distributed management functions

E. controller-based allows for fewer network failures, while traditional increases failure
rates.

Answer: CD

Explanation:

Cisco DNA Center Device Management


99. Monitor the cloud for software update


100. Uses CLI templates to apply a consistent configuration to multiple devices at an
individual location


101. Uses NetFlow to analyse potential security threats throughout the network and
take appropriate action on that traffic

Traditional device management

102. Manages device configuration on a per-device basis


103. Security is managed near the perimeter of the network with firewalls, VPNs, and
IPS

Implements changes via an SSH terminal


104.What mechanism carries multicast traffic between remote sites and supports
encryption?
A. ISATAP
B. GRE over IPsec
C. IPsec over ISATAP
D. GRE
Answer: B


105.Refer to the exhibit.


[Exhibit: PC A and PC B, both in VLAN 200]


Which outcome is expected when PC_A sends data to PC_B?
A. The switch rewrites the source and destination MAC addresses with its own.
B. The source MAC address is changed.
C. The source and destination MAC addresses remain the same.
D. The destination MAC address is replaced with ffff.ffff.ffff.
Answer: C


106.How will Link Aggregation be implemented on a Cisco Wireless LAN Controller?
A. One functional physical port is needed to pass client traffic.
B. The EthernetChannel must be configured in "mode active".
C. When enabled, the WLC bandwidth drops to 500 Mbps.
D. To pass client traffic, two or more ports must be configured.
Answer: A
Explanation:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-5/configuration-guide/b_cg75/b_cg75_chapter_0100010.html


107.Refer to the exhibit. 


Which switch in this configuration will be elected as the root bridge? 
SW1: 0C:E0:38:00:36:75
SW2: 0C:0E:15:22:05:97
SW3: 0C:0E:15:1A:3C:9D
SW4: 0C:E0:18:A1:B3:19

A. SW1

B. SW2

C. SW3

D. SW4

Answer: C


108.Which device performs stateful inspection of traffic?
A. firewall
B. switch
C. access point
D. wireless controller
Answer: A


109.Which configuration ensures that the switch is always the root for VLAN 750? 
A. Switch(config)#spanning-tree vlan 750 priority 38003685 

B. Switch(config)#spanning-tree vlan 750 root primary 

C. Switch(config)#spanning-tree vlan 750 priority 614440 

D. Switch(config)#spanning-tree vlan 750 priority 0 

Answer: D 

Explanation: 

Although the spanning-tree vlan 10 root primary command will ensure a switch will
have a bridge priority value lower than other bridges introduced to the network, the
spanning-tree vlan 10 priority 0 command ensures the bridge priority takes
precedence over all other priorities.


110.Refer to the exhibit. 


Bridge Priority: 32768 
MAC: DD:DD:DD:DD:DD:DD 


Bridge Priority: 30000 
MAC: CC:CC:CC:CC:CC:CC 


Bridge Priority: 32768 
MAC: AA:AA:AA:AA:AA: 


Bridge Priority: 30000 
MAC: BB:BB:BB:BB:BB:BB 


Which switch becomes the root bridge?
A. S1
B. S2
C. S3
D. S4
Answer: B